Revision Of Documents In ISO 9000 Standards

Documenting A Quality Management System

Documenting A Quality Management System

The ISO 9000 Standards requires the organization to document a quality management system in accordance with the requirements of ISO 9001. A document (according to ISO 9000 clause 2.7.1) is information and its supporting medium. A page of printed information, a CD ROM or a computer file is a document, implying that recorded information is a document and verbal information is not a document.
Clause 4.2 requires the management system documentation to include certain types of documents and therefore does not limit the management system documentation to the types of documents listed.
As a management system is the means to achieve the organization’s objectives, and a system is a set of interrelated processes, it follows that what has to be documented are all the processes that constitute the system.
While there is a reduction in emphasis on documentation in ISO 9001:2008 compared with the 1994 version, it does not imply that organizations will need less documentation to define their management system. What it does mean is that the organization is left to decide the documentation necessary for effective operation and control of its processes. If the absence of specific documentation does not adversely affect operation and control of processes, such documentation is unnecessary.
Before ISO 9000 came along, organizations prospered without masses of
documentation and many still do. Those that have chosen not to pursue the
ISO 9000 path often only generate and maintain documents that have a useful purpose and will not produce documents just for auditors unless there is a legal requirement. Most of the documentation that is required in ISO 9000 came about from hindsight – the traditional unscientific way organizations learn and how management systems evolve.
ISO 9000 contains a list of valid reasons for why documents are necessary as below:
- To communicate requirements, intentions, instructions, methods and results effectively
- To convert solved problems into recorded knowledge so as to avoid having
to solve them repeatedly
- To provide freedom for management and staff to maximize their contribution to the business
- To free the business from reliance on particular individuals for its effectiveness
- To provide legitimacy and authority for the actions and decisions needed
- To make responsibility clear and to create the conditions for self-control
- To provide co-ordination for inter-departmental action
- To provide consistency and predictability in carrying out repetitive tasks
- To provide training and reference material for new and existing staff
- To provide evidence to those concerned of your intentions and your actions
- To provide a basis for studying existing work practices and identifying
opportunities for improvement
- To demonstrate after an incident the precautions which were taken or which should have been taken to prevent it or minimize its occurrence
If only one of these reasons make sense in a particular situation, the
information should be documented. In some organizations, they take the
view that it is important to nurture freedom, creativity and initiative and
therefore feel that documenting procedures is counterproductive. Their view is that documented procedures hold back improvement, forcing staff to follow routines without thinking and prevent innovation. While it is true that blindly enforcing procedures that reflect out-of-date practices coupled with bureaucratic change mechanisms is counter productive, it is equally shortsighted to ignore past experience, ignore decisions based on valid evidence and encourage staff to reinvent what were perfectly acceptable methods.
Question by all means, encourage staff to challenge decisions of the past, but
encourage them to put forward a case for change. That way it will cause
them to study the old methods, select the good bits and modify the parts that are no longer appropriate. It is often said that there is nothing new under the sun – just new ways of packaging the same message.

History and Evolution of ISO 9000 Standards

Pre ISO 9000
During World War II, there were quality problems in many British industries such as munitions, where bombs were exploding in factories during assembly. The solution adopted to address these quality problems required factories to document their manufacturing procedures and to prove by record-keeping that the procedures were being followed. The standard was BS 5750, and it was known as a management standard because it specified not what to manufacture, but how the manufacturing process was to be managed. In 1987, the British Government persuaded the International Organization for Standardization (ISO) to adopt BS 5750 as an international standard. The international standard was named http://www.iso9001store.comISO 9000.

ISO 9000: 1987 Version
ISO 9000:1987 had the same structure as the British Standard BS 5750, with three ‘models’ for quality management systems, the selection of which was based on the scope of activities of the organisation:
• ISO 9001:1987 Model for quality assurance in design, development, production, installation, and servicing was for companies and organisations whose activities included the creation of new products
• ISO 9002:1987 Model for quality assurance in production, installation, and servicing had basically the same material as ISO 9001 but without covering the creation of new products.
• ISO 9003:1987 Model for quality assurance in final inspection and test covered only the final inspection of finished product, with no concern for how the product was produced.
ISO 9000:1987 was also influenced by existing U.S. and other Defense Standards (MIL SPECS), and so was well-suited to manufacturing. The emphasis tended to be placed on conformance with procedures rather than the overall process of management—which was likely the actual intent.

ISO 9000:1994 (Year 1994 Revision)
ISO 9000:1994 emphasised quality assurance via preventive actions, instead of just checking final product, and continued to require evidence of compliance with documented procedures. As with the first edition, the down-side was that companies tended to implement its requirements by creating shelf-loads of procedure manuals, and becoming burdened with an ISO bureaucracy. In some companies, adapting and improving processes could actually be impeded by the quality system.

ISO 9000:2000 (Year 2000 Revision)
ISO 9001:2000 combines the three standards 9001, 9002, and 9003 into one, called 9001. Design and development procedures are required only if a company engages in the creation of new products. The 2000 version sought to make a radical change in thinking by placing the concept of process management front and centre (”Process management” was the monitoring and optimising of a company’s tasks and activities, instead of just inspecting the final product). The Year 2000 version also demands involvement by upper executives, in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators. Another goal is to improve effectiveness via process performance metrics — numerical measurement of the effectiveness of tasks and activities. Expectations of continual process improvement and tracking customer satisfaction were made explicit.

ISO 9000:2008 (Year 2008 Revision)
The new ISO 9001:2008 was published on 15 November 2008. ISO 9001:2008 uses the same numbering system as ISO 9001:2000 to organise the standard. As a result, the new ISO 9001:2008 standard looks very much like the old standard. No new requirements have been added. However, some important clarifications and modifications have been made.

As with the release of previous versions, organisations registered to ISO 9001:2000 will be given a period to transition to the ISO 9001:2008 standard, assuming changes are needed.

ISO 9000 — a way of managing for conformance
Quality assurance, according to the Standard, is a way of managing that prevents non-conformance and thus “assures quality”. This is what makes ISO 9000 different from other standards: it is a management standard, not a product standard. It goes beyond product standardisation: it is standardising not what is made but how it is made. To use standards to dictate and control how organisations work was to extend the role of standards to new territory. To take such a step we might have firstly established that any such requirements worked — that they resulted in ways of working which improved performance.
Yet the plausibility of this Standard, and the fact that those who had an interest in maintaining it were (and still are) leading opinion, prevented such enquiries. In simple terms the Standard asks managers to say what they do, do what they say and prove it to a third party.
ISO 9000 (1994) paragraph 1: “The requirements specified are aimed primarily at achieving customer satisfaction by preventing non-conformity at all stages from design through servicing.”
To put it another way, the Standard asserts that preventing non-conformance achieves customer satisfaction. But does it? Of course it matters to customers that a product works. But there is no guarantee that the Standard will ensure even that. Furthermore, customers take a total view of an organisation — how easy it is to do business with — in respect of all things of importance to each and every customer.
ISO 9000 requires managers to “establish and maintain a documented quality system as a means of ensuring that product conforms to specified requirements”. Loosely translated this is “say what you do”. Management is supposed to “define and document its policy for quality . . . including its commitment to quality”.
What management would not declare its commitment to quality? But would they know what it means? Would they argue (as they should) that quality management is a different and better way to do business, or would they believe that ISO 9000 will take care of quality? The Standard encourages managers to think of “quality” and “business as usual” as separate and distinct. It helps managers avoid the revelation that quality means a wholly different view of management. Instead, the organisation “shall appoint a management representative who, irrespective of other responsibilities, shall have defined authority and responsibility” [for ISO 9000]. At a practical level this means only one executive might decide he or she had better learn a thing or two about quality. However, would being responsible for ISO 9000 lead to learning about quality or simply enforcing the ISO 9000 regime in an organisation?
Key to the regime is auditing. The Standard requires organisations to conduct internal quality audits to “verify whether quality activities comply with planned arrangements”. This can be loosely translated as “do you do as you say?” and the purpose of the audit is to see that you do. It was not until the 1994 review that the words were changed to “quality activities and related results”. It was a Standard which was rooted in the philosophy of inspection: fifteen years after its initial promulgation the promoters sought to extend the focus to results. But results or improvements assessed by what means? Inspection. By the time the Standard was adopted world-wide, quality thinking had moved a long way from the philosophy of inspection. It is now understood, at least by a few, that quality is achieved through managing the organisation as a system and using measures which enable managers to improve flow and reduce variation (which we explore in chapters 5 and 7). The defenders argue that there is nothing stopping a company having ISO 9000 and implementing methods for managing flow and reducing variation, but where are such companies? Few of the companies we researched, formally and informally, knew anything about this thinking. The Standard does not talk about it; moreover, the Standard effectively discourages managers from learning about it by representing quality in a different way.
According to ISO 8402 (quality vocabulary), quality is:
“The totality of features and characteristics of a product or service that bear on its ability to satisfy stated or implied needs.”
Everything we have learned about ISO 9000 suggests that the people who created this definition were thinking about the things which need to be controlled, those things which “bear on its ability . . .”. The builders of the Standard assumed that customer needs would be listed in contractual agreements between the supplier and customer. ISO 9000 has a “make” logic — procedures for “how you do what you do” — and a “control” logic — check to see that it is done. It is a relic of the era when contractual agreements were perceived to be an important device for regulating the behaviour of suppliers. In these ways, ISO 9000 encouraged “planning for quality”.
Planning for quality sounds plausible, but it assumes many things: that the plan is the right plan, that it is feasible, that people will “do it”, that performance will improve. It is an approach which, paradoxically, leads to poor decisions. Planners of quality systems, guided by ISO 9000, start with a view of how the world should be as framed by the Standard. Understanding how an organisation is working, rather than how someone thinks it should, is a far better place from which to start change of any kind.

ISO 9000 Standard Books & Magazines

Here are some of the ISO 9000 & ISO 14001 related books & magazines available for online order.
1. ISO Management Systems – English Edition (Magazine Subscription) by Amazon
Format: Magazine
Shipping: Currently, item can be shipped only within the U.S.
Publisher: Iso Central Secretariat
ASIN: B00006KJFO
Iso Focus C-W Iso Management Systems – English ed
2. ISO Focus (Magazine Subscription) by Amazon
Magazine of the International Organization for Standardization providing a panoramic view of what is being done in international standardization, why it has been done and what will be done.
Format: Magazine
Shipping: Currently, item can be shipped only within the U.S.
Publisher: Iso Central Secretariat
ASIN: B0001MS4E6
Iso Focus
3. ISO 9000 Quarterly Report (Magazine Subscription) by Amazon
Format: Magazine
Shipping: Currently, item can be shipped only within the U.S.
Publisher: Rfp Report
ASIN: B00007J7K4
Iso 9000 Quarterly Report
4. A Basic Guide To ISO 14000 – Environment Management System (EMS) provides you with all of the basic information you need in ISO 14000 and ISO 14001:2004.
What is ISO14000
Benefits of ISO 14000
History of ISO 14000
ISO 14000 Certification
ISO 14000 Process Check List
Contents Of ISO 14001:2004
Key Elements Of ISO 14001:2004
Environment Management System Manual
AND MUCH, MUCH MORE!

The Benefits To Integrate ISO 14001:2004 and ISO 9001:2008

The Benefits To Integrate ISO 14001:2004 and ISO 9001:2008
Reduce the time and cost of implementing the new specification by acquiring a concise, yet thorough understanding the scope of ISO 14001:2004 and key terms.
Avoid spinning your wheels by learning precisely which modifications and additions to ISO 14001:2004 require your attention for compliance with ISO 9001:2008.
Get a quick handle, through hands-on activities, on the environmental aspects of ISO 14001:2004, including how to:- Develop an environmental policy statement appropriate for your company- Integrate processes for identifying environmental aspects and impacts- Identify environmental objectives, set related targets, and establish programs for achieving results- Integrate environmental responsibilities and authorities into a management system- Outline an environmental awareness and training program- Establish environmental metrics and indicators for monitoring performance- Integrate requirements on non-conformance and corrective and preventive actions into your existing system- Understand the purpose and scope of the environmental management review- Integrate document control requirements of ISO 14001:2004 into your current system- Identify those operations that need to be controlled under EMS and identify emergency operations and contingencies that must be considered as part of EMS
Get off to a running start by learning to use a versatile prioritization matrix to identify and prioritize significant environmental aspects and impacts.
Optimize understanding and retention with the Plexus Learning Model- Multiple learning channels through lecture, coaching, group activities, innovative learning exercises and case studies.- Hands-on insights. Lecturing is minimized so learning is maximized.- Learn by doing. Connect the lessons learned to your real world by using your current circumstances as examples for activities.

Demonstrating conformity with ISO 9001:2008

Demonstrating conformity with ISO 9001:2008
For organizations wishing to demonstrate conformity with the requirements of ISO 9001:2008, for the purposes of certification/registration, contractual, or other reasons, it is important to remember the need to provide evidence of the effective implementation of the QMS.
Organizations may be able to demonstrate conformity without the need for extensive documentation.
To claim conformity with ISO 9001:2008, the organization has to be able to provide objective evidence of the effectiveness of its processes and its quality management system. Clause 3.8.1 of ISO 9000:2005 defines “objective
evidence” as “data supporting the existence or variety of something” and notes that “objective evidence may be obtained through observation, measurement, test, or other means.”
Objective evidence does not necessarily depend on the existence of documented procedures, records or other documents, except where specifically mentioned in ISO 9001:2008. In some cases, (for example, in clause 7.1(d)
Planning of product realization, and clause 8.2.4 Monitoring and measurement of product), it is up to the organization to determine what records are necessary in order to provide this objective evidence.
Where the organization has no specific internal procedure for a particular activity, and this is not required by the standard, (for example, clause 5.6 Management Review), it is acceptable for this activity to be conducted using as a basis the relevant clause of ISO 9001:2008. In these situations, both internal and external audits may use the text of ISO 9001:2008 for conformity assessment purposes.

KEY CONSIDERATIONS IN IMPLEMENTING ISO 9001 IN SMEs

KEY CONSIDERATIONS IN IMPLEMENTING ISO 9001 IN SMEs
There are many issues that must be addressed in moving the QMS from the initial state to the desired state. For example, all organizations implementing ISO 9001 will need to consider the unique culture within the organization, its size, and the resources available. Beyond those widely discussed points, three issues that merit particular attention are (1) consideration of the QMS as a parallel function, (2) training, and (3) auditing. Key points associated with these issues are discussed below.
Consideration of QMS as Parallel Function
In the case of all of the transitions depicted, real benefits from the QMS are more likely to be experienced if the QMS is implemented directly into the core structure of the organization. SMEs must be cautious against establishing a QMS that is run separately in parallel to its other systems. In SMEs, the parallel subsystem most commonly exhibits itself as a separate Quality Assurance, or in some cases, ISO 9001 department. Possible reasons for this may include the existence of rigid departmental boundaries in some SMEs or overemphasis on core activities. As Yauch and Steudel [10] note, SMEs tend to focus their attention on “…necessary routine activities (such as sales, production, shipping, etc.) rather than activities aimed at improving processes or systems.” If a SME insists on establishing a separate quality department, its level of effectiveness can be increased by embedding the QMS in widely-used organizational systems where practical. The integration is largely a function of how well the QMS manages to share information with other subsystems and its ability to align with the policies, norms, goals, and values in place throughout the organization.
Training
In SMEs, training and staff development is more likely to be ad hoc and small scale because of modest human and financial resources and the absence of a specific training budget. To prevent the problems arising from lack of education and training, two things must be done:
1. Education of Top Management: The centralization of decision-making processes within many SMEs means that the management can either be the main stumbling block to change or the main catalyst for change. Therefore, any approach to ISO 9001 implementation must involve considerable education for the top management of the organization to create awareness and understanding of the implementation process as a change initiative. Implementing a fully functional and documented QMS requires motivation by top management to appreciate, achieve, and implement the necessary measures to meet the standards’ criteria.
2. Education and Training of Employees: SMEs are often under pressure to quickly gain ISO 9001 registration. Meeting the requirements of the standard in a short period of time can prove a formidable obstacle for a small company. Since most SMEs do not possess the needed expertise internally, they may be inclined to hire external experts to provide the necessary technical expertise and manpower. However, having a functioning and documented QMS requires more than that. It requires ensuring that all employees in the organization clearly know what is expected of them and how they can contribute to the attainment of their organizations’ goals. This will likely require the preparation and implementation of a training plan tailored specifically to the unique characteristics and maturity level of the SME.
Auditing
As emphasized throughout the paper, a QMS is not going to produce the expected results unless it is fully functional. While auditing must therefore verify the existence of the necessary documentation, it must also focus on the functionality of the QMS. The measurement of the functionality and the qualitative and financial impacts of a QMS have been the subject of several studies, including Kaynak [11]. Among the categories used to measure functionality and performance improvement, two are particularly noteworthy for our purposes: management commitment and employee involvement. A QMS cannot be functional in the absence of those two characteristics. Therefore, as a minimum, internal and external auditors should continually verify top management’s commitment to increased company-wide quality awareness and improvement in addition to employee involvement in the design, implementation, operation, and improvement of quality related processes and procedures.

IMPLEMENTATION GUIDANCE FOR ISO 9001:2008

IMPLEMENTATION GUIDANCE FOR ISO 9001:2008
This Implementation Guidance has been developed to assist users in understanding the issues that need to be considered during the co-existence period between ISO 9001:2000 and ISO 9001:2008.
While the changes between ISO 9001:2000 and ISO 9001:2008 are expected to have a limited impact on users, some arrangements regarding implementation are needed.
Note: To reflect the limited scope of the changes the term “implementation” is now being used to make a clear distinction with the former “transition” from ISO 9001:1994 to ISO 9001:2000, when there were significant changes throughout the standard.
A wide diffusion of this implementation guidance is recommended, in particular the comparison table between ISO 9001:2008 and ISO 9001:2000, given in Annex B to ISO 9001:2008.
ISO 9001:2008 has been developed in order to introduce clarifications to the existing requirements of ISO 9001:2000 and to improve compatibility with ISO 14001:2004. ISO 9001:2008 does not introduce additional requirements nor does it change the intent of the ISO 9001:2000 standard.
Certification to ISO 9001:2008 is not an “upgrade”, and organizations that are certified to ISO 9001:2000 should be afforded the same status as those who have already received a new certificate to ISO 9001:2008 No new requirements were introduced in this edition but, in order to benefit from the clarifications of ISO 9001:2008, users of the former version will need to take into consideration whether the clarifications introduced have an impact on their current interpretation of ISO 9001:2000, as changes may be necessary to their QMS In order to assist organizations to have a full understanding of the new ISO 9001:2008, it may be useful to have an insight on the revision process, how this revision reflects the inputs received from users of the standard, and the consideration given to benefits and impacts during its development.
Prior to the commencement of a revision (or amendment) to a management system standard, ISO/Guide 72:2001 Guidelines for the justification and development of management system standards recommends that a “Justification Study” is prepared to present a case for the proposed project and that it outlines details of the data and inputs used to support its arguments. In relation to the development of ISO 9001:2008 user needs were identified from the following:
- the results of a formal “Systematic Review” on ISO 9001:2000 that was performed by the members of ISO/TC 176/SC2 during 2003-2004
- feedback from the ISO/TC 176/Working Group on “Interpretations”
- the results of an extensive worldwide “User Feedback Survey on ISO 9001 and ISO 9004″ by ISO/TC 176/SC 2/WG 18 and similar national surveys.
The Justification Study identified the need for an amendment, provided that the impact on users would be limited and that changes would only be introduced when there were clear benefits to users.
The key focuses of the ISO 9001:2008 amendment were to enhance the clarity of ISO 9001:2000 and to enhance its compatibility with ISO14001:2004.
A tool for assessing the impacts versus benefits for proposed changes was created to assist the drafters of the amendment in deciding which changes should be included, and to assist in the verification of drafts against the identified user needs. The following decision making principles were applied:
1) No changes with high impact would be incorporated into the standard;
2) Changes with medium impact would only be incorporated when they provided a correspondingly medium or high benefit to users of the standard;
3) Even where a change was low impact, it had to be justified by the benefits it delivered to users, before being incorporated.
The changes incorporated in this ISO 9001:2008 edition were classified in terms of impact into the following categories:
- No changes or minimum changes on user documents, including records
- No changes or minimum changes to existing processes of the organization
- No additional training required or minimal training required
- No effects on current certifications
The benefits identified for the ISO 9001:2008 edition fall into the following categories:
- Provides clarity
- Increases compatibility with ISO 14001.
- Maintains consistency with ISO 9000 family of standards.
- Improves translatability.

Role of Governments in ISO 14001 Standards

Role of Governments in ISO 14001 Standards
Although ISO 14001 is a set of voluntary standards that individual companies may or may not choose to adopt, governments can clearly have a role in providing information, establishing the necessary framework and infrastructure, and, in some cases, helping companies to develop thebasic capabilities to adopt ISO 14001. There are wo particular areas in which government action would be useful:(a) providing information on he sectors and markets where ISO 14001 certification s a significant issue and assisting sector rganizations to develop appropriate responses, and(b) helping to establish a certification framework, ased on strengthening national standards organizations and encouraging competitive private sector provision of auditing and certificationservices. At present, the World Bank is having discussions with a number of countries about how assistance could be provided with these issues.
Governments should see EMS approaches as part of a broad environmental strategy that includes regulatory systems, appropriate financial incentives, and encouragement of improved industrial performance. Such encouragement can really only be effective where there is cooperation at the government level between the relevant departments, including industry and trade, as well as environment. There is a growing interest in integrating environmental management issues into productivity or competitiveness centers designed to promote SME performance, but little information exists on experience to date.

ISO 14001:2004 Standards Contents

ISO 14001:2004 Standards
ISO 14000 is a series of international standards on environmental management. It provides a framework for the development of an environmental management system and the supporting audit programme.
The main thrust for its development came as a result of the Rio Summit on the Environment held in 1992.
ISO 14000 is an Environmental Management System (EMS), which requires that an organization consider the environmental aspects of its products and services.
Iso14000 approach forces you to take a hard look at all areas of your business that has an environmental impact.
Iso14000 is the world’s first series of Internationally accepted Standards for Environmental Management Systems (EMS).
Iso14000 elevates Environmental Management to a Strategic Level that can be applied to any organization, from any industry, anywhere in the world.
ISO 14000 is a series of voluntary standards and guideline reference documents.
The part of the overall management system that includes organizational structure, planning activities, responsibilities, practices, procedures, processes and resources for developing, implementing, achieving, reviewing and maintaining the environmental policy.
Iso14000 is the world’s first series of Internationally accepted Standards for Environmental Management Systems (EMS).
Iso14000 elevates Environmental Management to a Strategic Level that can be applied to any organization, from any industry, anywhere in the world.
ISO 14000 is a series of voluntary standards and guideline reference documents.
The part of the overall management system that includes organizational structure, planning activities, responsibilities, practices, procedures, processes and resources for developing, implementing, achieving, reviewing and maintaining the environmental policy.
ISO 14000 is an Environmental Management System (EMS) who’s purpose is:
· A management commitment to pollution prevention.
· An understanding of the environmental impacts (reducing) of an organization’s activities.
A commitment (pollution prevention) to employees, neighbors and customers
ISO 14001 is the corner stone standard of the ISO 14000 series. It specifies a framework of control for an Environmental Management System against which an organization can be certified by a third party.
The environment cannot be protected by our convictions or goodwill alone. Efforts to protect the environment must be planned, coordinated and organized into a system, such as ISO 14001.
ISO14001 requires an Environmental Policy to be in existence within the organisation, fully supported by senior management, and outlining the policies of the company, not only to the staff but to the public. The policy needs to clarify compliance with Environmental Legislation that may effect the organization and stress a commitment to continuous improvement. Emphasis has been placed on policy as this provides the direction for the remainder of the Management System.
Those companies who have witnessed ISO9000 Assessments will know that the policy is frequently discussed during the assessment, many staff are asked if they understand or are aware of the policy, and any problems associated with the policy are seldom serious. The Environmental Policy is different, this provides the initial foundation and direction for the Management System and will be more stringently reviewed than a similar ISO9000 policy. The statement must be publicised in non-technical language so that it can be understood by the majority of readers. It should relate to the sites within the organisation encompassed by the Management System, it should provide an overview of the company’s activities on the site and a description of those activities. A clear picture of the company’s operations.
The preparatory review and definition of the organization’s environmental effects is not part of a ISO14001 Assessment, however examination of this data will provide an external audit with a wealth of information on the methods adopted by the company. The preparatory review itself should be comprehensive in consideration of input processes and output at the site. This review should be designed to identify all relevant environmental aspects that may arise from existence on the site. These may relate to current operations, they may relate to future, perhaps even unplanned future activities, and they will certainly relate to the activities performed on site in the past (i.e. contamination of land).
The initial or preparatory review will also include a wide-ranging consideration of the legislation which may effect the site, whether it is currently being complied with, and perhaps even whether copies of the legislation are available. Many of the environmental assessments undertaken already have highlighted that companies are often unaware of ALL of the legislation that affects them, and being unaware, are often not meeting the requirements of that legislation.
The company will declare its primary environmental objectives, those that can have most environmental impact. In order to gain most benefit these will become the primary areas of consideration within the improvement process, and the company’s environmental program. The program will be the plan to achieve specific goals or targets along the route to a specific goal and describe the means to reach those objectives such that they are real and achievable. The Environmental Management System provides further detail on the environmental program. The EMS establishes procedures, work instructions and controls to ensure that implementation of the policy and achievement of the targets can become a reality. Communication is a vital factor, enabling people in the organisation to be aware of their responsibilities, aware of the objectives of the scheme, and able to contribute to its success.
As with ISO9000 the Environmental Management System requires a planned comprehensive periodic audit of the Environmental Management System to ensure that it is effective in operation, is meeting specified goals, and the system continues to perform in accordance with relevant regulations and standards. The audits are designed to provide additional information in order to exercise effective management of the system, providing information on practices which differ to the current procedures or offer an opportunity for improvement.
In addition to audit, there is a requirement for Management Review of the system to ensure that it is suitable (for the organization and the objectives) and effective in operation. The management review is the ideal forum to make decisions on howe to improve for the future.
The newly revised ISO 14001:2004 specifies the requirements for an environmental management system (EMS), which provides a framework for an organization to control the environmental impacts of its activities, products and services, and to continually improve its environmental performance. It applies to those environmental aspects which the organization can control and over which it can be expected to have an influence. It does not itself state specific environmental performance criteria. ISO 14001:2004 is applicable to any organization that wishes to:
· implement, maintain and improve an environmental management system
· assure itself of its conformance with its stated environmental policy
· demonstrate such conformance to others
· seek certification/registration of its environmental management system by an external organization
· make a self-determination and self-declaration of conformance with this international standard.
All the requirements in this standard can be incorporated into any environmental management system. Having been revised, the improved ISO 14001 is now expected to bring the benefits of implementing an EMS to more businesses than ever. The standard is now easier to understand and use and has more detailed checklists for inputs and outputs from the management review and has increased compatibility to ISO 9001. Organizations who are currently registered to ISO 14001:1996 will have an 18-month transition period to register to ISO 14001:2004.

ISO 9001:2008 Requirements – Management Responsibility

ISO 9001:2008 Requirements - Management Responsibility
All requirements in clause 5 are the responsibility of top management.
5.1 Management Commitment
Provide evidence of management commitment to develop and implement the quality management system, as well as, continually improve its effectiveness by:? Expressing the importance of meeting requirements? Establishing the quality policy and quality objectives? Conducting management reviews? Ensuring the availability of necessary resources
5.2 Customer FocusEnsure customer requirements are determined and met in order to improve customer satisfaction.
5.3 Quality Policy
Ensure the quality policy is:? Appropriate to the purpose of the organization? Focused on meeting requirements and continual improvement? Used as a framework for quality objectives? Communicated and understood at appropriate levels? Reviewed for continuing suitability
5.4 Planning
5.4.1 Quality Objectives
Ensure quality objectives, including those needed to meet product requirements, are established at the relevant functions and levels within the organization. Ensure quality objectives are measurable and consistent with the quality policy.
5.4.2 Quality Management System Planning
Ensure that planning for the quality management system:? Meets the general requirements (4.1), as well as, quality objectives (5.4.1)? Maintains the system integrity when changes are planned and implemented5.5 Responsibility, Authority, and Communication
5.5.1 Responsibility and Authority
Ensure responsibilities and authorities are defined and communicated within the organization.
5.5.2 Management Representative
Appoint a member of your management who, irrespective of other duties, has the responsibility and authority to:? Ensure the needed processes are established, implemented, and maintained? Report to top management on quality management system performance? Report to top management on any need for improvement? Ensuring the promotion of awareness of customer requirements
NOTE: The responsibility of a management representative can include being the liaison with external parties on matters relating to the quality management system.
5.5.3 Internal Communication
Ensure the appropriate communication processes are established and carried out within the organization regarding the effectiveness of the system.
5.6 Management Review
5.6.1 General
Review the quality management system at planned intervals to:? Ensure a suitable, adequate, and effective system? Assess possible opportunities for improvement? Evaluate the need for any changes to the system? Consider the need for changes to the quality policy and objectivesMaintain records of the management reviews.
5.6.2 Review Input
Inputs for management review must include information on:? Results of audits? Customer feedback? Process performance and product conformity? Status of preventive and corrective actions? Follow-up actions from earlier reviews? Changes that could affect the quality system? Recommendations for improvement
5.6.3 Review Output
Outputs from the management review must include any decisions and actions related to:? Improvement of the effectiveness of the quality management system and its processes? Improvement of product related to customer requirements? Resource needs

Update on ISO 9001:2008

Update on ISO 9001:2008

Following a recent meeting of ISO’s Technical Committee TC176 in Helsinki, Finland, from June
11 – 15t, 2007, publication of the new version of ISO 9001 has been brought forward from 2009
and is now scheduled to be published in October 2008. Experts representing over 70 ISO member
bodies, met to discuss the comments received during circulation of the Committee Draft (”CD”) of
the new standard, and concluded that in view of the very limited changes being proposed, the draft
is now sufficiently mature to progress directly to the DIS (Draft International Standard).
The main changes being introduced into the new standard are as follows:
Clause 0.2 (Process approach)
Text added to emphasize the importance of processes being capable of achieving desired outputs
Clause 1.1 (Scope)
Clarification that “product” also includes intermediate product
Explanation regarding statutory, regulatory and legal requirements
Clause 4.1 (General requirements)
Notes added to explain more about outsourcing
Types of control that may be applied to outsourced processes
Relationship to clause 7.4 (Purchasing)
Clarification that outsourced processes are still responsibility of the organization and must be
included in the quality management system
Clause 4.2.1 (Documentation)
Clarification that QMS documentation also includes records
Documents required by the standard may be combined
ISO 9001 requirements may be covered by more than one documented procedure
Clause 4.2.3 (Document control)
Clarification that only external documents relevant to the QMS need to be controlled
Clause 4.2.4 (Records control)
Editorial changes only (better alignment with ISO 14001)
Clause 5.5.2 (Management rep)
Clarifies that this must be a member of the organization’s own management
Clause 6.2.1 (Human resources)
Clarification that competence requirements are relevant for any personnel who are involved in the
operation of the quality management system
Clause 6.3 (Infrastructure)
Includes information systems as example
Clause 6.4 (Work environment)
Clarifies that this includes conditions under which work is performed and includes, for example
physical, environmental and other factors such as noise, temperature, humidity, lighting, or weather
Clause 7.2.1 (Customer related processes)
Clarifies that post-delivery activities may include:
- Actions under warranty provisions
- Contractual obligations such as maintenance services
- Supplementary services such as recycling or final disposal
Clause 7.3.1 (Design & development planning)
Clarifies that design and development review, verification and validation have distinct purposes
These may be conducted and recorded separately or in any combination as suitable for the product
and the organization
Clause 7.3.3(Design & development outputs)
Clarifies that information needed for production and service provision includes preservation of the product
Clause 7.5.4 (Customer property)
Explains that both intellectual property and personal data should be considered as customer property
Clause 7.6 (Now retitled Control of Monitoring and Measuring equipment)
Explanatory notes added regarding the use of computer software: “Confirmation of the ability of computer software to satisfy the intended application would typically include its verification and configuration management to maintain its suitability for use.”
Clause 8.2.1 (Customer satisfaction)
Note added to explain that monitoring of customer perception may include input from sources such as customer satisfaction surveys, customer data on delivered product quality, user opinion surveys, lost business analysis, compliments, and dealer reports
Clause 8.2.3 (Monitoring / Measurement of process)
Note added to clarify that when deciding on appropriate methods, the organization should consider impact on the conformity to product requirements and on the effectiveness of the quality management system.

Goal and Scope of an ISO 9000 quality system

Goal and Scope of an ISO 9000 quality system

The ISO 9000 Standard states its goal in two blunt words: customer satisfaction.How do we achieve customer satisfaction? By meeting customer requirements.The quality management system (QMS) helps us to dothis by:
a. Applying the system. Actually using it. Putting it at the heart ofour organization.b. Continually improving the system. The QMS is never done. Afterall, customer requirements do not stand still—they evolve and grow tougher.So we have to improve continually in order to survive.
(The guidance document, ISO 9004: 2000, sets a compatibleand in some respects more ambitious goal: “improving theprocesses of an organization to enhance performance.”) Prevention of nonconformity. Prevention is the key term here: prevention,rather than detection. Quality management has longsince evolved away from the old “inspect quality in” approach.Prevention is cheaper, more effective, and more protective of thecustomer. Detection is also a different mindset. It requires a veryhigh degree of process orientation, upstream thinking, and relentlessanalysis.To what types of organizations does the Standard apply? Alltypes. The requirements “are generic and applicable to all organizations,regardless of type and size.” A compliant QMS can be implementedby any organization, producing any product or service,anywhere in the world.Within the organization, the impact of the requirements and theQMS are similarly broad. The Standard “applies to the activities of organizationsfrom the identification of customer requirements, throughall quality management system processes, to the achievement of customersatisfaction.” Every activity within the organization that impactsthe process of creating customer satisfaction is affected by therequirements of the Standard.

ISO 9001:2008 Documentation Requirements

ISO 9001:2008 Documentation Requirements
ISO 9001:2008 clause 4.1 General requirements requires an organization to “establish, document, implement, and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standard”
ISO 9001:2008 Clause 4.2.1 General explains that the quality management system documentation shall include:
documented statements of a quality policy and quality objectives;
a quality manual
documented procedures required by this International Standard
documents needed by the organization to ensure the effective planning, operation and control of its processes, and
records required by this International Standard;
The notes after Clause 4.2 make it clear that where the standard specifically requires a “documented procedure”, the procedure has to be established, documented, implemented and maintained. It also emphasizes that the extent of the QMS documentation may differ from one organization to another due to:
the size of organization and type of activities;
the complexity of processes and their interactions, and
the competence of personnel.
All the documents that form part of the QMS have to be controlled in accordance with clause 4.2.3 of ISO 9001:2008, or, for the particular case of records, according to clause 4.2.4.
Guidance on Clause 4.2 of ISO 9001:2008
The following comments are intended to assist users of ISO 9001:2008 in understanding the intent of the general documentation requirements of the International Standard.
a) Documented statements of a quality policy and objectives:
Requirements for the quality policy are defined in clause 5.3 of ISO 9001:2008. The documented quality policy has to be controlled according to the requirements of clause 4.2.3.Note: Organizations that are revising their quality policy for the first time, or in order to meet the amended requirements in ISO 9001:2008, should pay particular attention to clause 4.2.3 (c), (d) and (g).
Requirements for quality objectives are defined in clause 5.4.1 of ISO 9001:2008. These documented quality objectives are also subject to the document control requirements of clause 4.2.3.
b) Quality Manual:
Clause 4.2.2 of ISO 9001:2008 specifies the minimum content for a quality manual. The format and structure of the manual is a decision for each organization, and will depend on the organization’s size, culture and complexity. Some organizations may choose to use the quality manual for other purposes besides that of simply documenting the QMS
A small organization may find it appropriate to include the description of its entire QMS within a single manual, including all the documented procedures required by the standard.
Large, multi-national organizations may need several manuals at the global, national or regional level, and a more complex hierarchy of documentation.
The quality manual is a document that has to be controlled in accordance with the requirements of clause 4.2.3.
c) Documented procedures:
ISO 9001:2008 specifically requires the organization to have “documented procedures” for the following six activities:4.2.3 Control of documents4.2.4 Control of records8.2.2 Internal audit8.3 Control of nonconforming product8.5.2 Corrective action8.5.3 Preventive action
These documented procedures have to be controlled in accordance with the requirements of clause 4.2.3
Some organizations may find it convenient to combine the procedure for several activities into a single documented procedure (for example, corrective action and preventive action). Others may choose to document a given activity by using more than one documented procedure (for example, internal audits). Both are acceptable.
Some organizations (particularly larger organizations, or those with more complex processes) may require additional documented procedures (particularly those relating to product realization processes) to implement an effective QMS.
Other organizations may require additional procedures, but the size and/or culture of the organization could enable these to be effectively implemented without necessarily being documented. However, in order to demonstrate compliance with ISO 9001:2008, the organization has to be able to provide objective evidence (not necessarily documented) that its QMS has been effectively implemented.
d) Documents needed by the organization to ensure the effective planning, operation and control of its processes:
In order for an organization to demonstrate the effective implementation of its QMS, it may be necessary to develop documents other than documented procedures. However, the only documents specifically mentioned in ISO 9001:2008 are:- Quality policy (clause 4.2.1.a)- Quality objectives (clause 4.2.1.a)- Quality manual (clause 4.2.1.b)
There are several requirements of ISO 9001:2008 where an organization could add value to its QMS and demonstrate conformity by the preparation of other documents, even though the standard does not specifically require them. Examples may include:- Process maps, process flow charts and/or process descriptions- Organization charts- Specifications- Work and/or test instructions- Documents containing internal communications- Production schedules- Approved supplier lists- Test and inspection plans- Quality plans
All such documents have to be controlled in accordance with the requirements of clause 4.2.3 and/or 4.2.4, as applicable
e) Records:
Examples of records specifically required by ISO 9001:2008 are presented in Annex B.
Organizations are free to develop other records that may be needed to demonstrate conformity of their processes, products and quality management system.
Requirements for the control of records are different from those for other documents, and all records have to be controlled according to those of clause 4.2.4 of ISO 9001:2008.

Establishing a ISO 9001 records procedure

The standard requires records to remain legible, readily identifiable and retrievable and that a procedure defines the controls needed for the identification, storage, protection, retrieval, retention time and disposition of records. Records have a life cycle. They are generated during
which time they acquire an identity and are then assigned for storage for a prescribed period. During use and storage they need to be protected from inadvertent or malicious destruction and as they may be required to support current activities or investigations, they need to be brought out of storage quickly. When their usefulness has lapsed, a decision is made as to whether to
retain them further or to destroy them. Readily retrievable means that records can be obtained on demand within a reasonable period (hours not days or weeks) Readily identifiable means that
the identity can be discerned at a glance.

Although the requirement implies a single procedure, several may be necessary because there are several unconnected tasks to perform. A procedure cannot in fact ensure a result. It may prescribe a course of action which if followed may lead to the correct result, but it is the process that ensures the result not the procedure.

The revised requirement omits several aspects covered in clause 4.16 of the 1994 version.
Collection of records is now addressed by Analysis of data (clause 8.4)
Indexing of records is a specific form of identification and is therefore already addressed
Access is now addressed by the requirement for record retrieval
Filing is a specific form of storage and is therefore already addressed

You may only need one procedure which covers all the requirements but this is not always practical. The provisions you make for specific records should be included in the documentation for controlling the activity being recorded. For example, provisions for inspection records should be included in the inspection procedures; provisions for design review records should be included in the design review procedure. Within such procedures you should provide the forms (or content requirement for the records), the identification, collection/ submission provisions, the indexing and filing provisions. It may be more practical to cover the storage, disposal and retention provisions in separate procedures because they may not be type-dependent. Where each department retains their own records, these provisions may vary and therefore warrant
separate procedures.

Unlike prescriptive documents, records may contain handwritten elements and therefore it is important that the handwriting is legible. If this becomes a problem, you either improve discipline or consider electronic data capture.

Records also become soiled in a workshop environment so may need to be protected to remain legible. With electronically captured data, legibility is often not a problem. However, photographs and other scanned images may not transfer as well as the original and lose detail so care has to be taken in selecting appropriate equipment for this task.

Whatever the records, they should carry some identification in order that you can determine what they are, what kind of information they record and what they relate to. A simple way of doing this is to give each record a reference number and a name or title in a prominent location on the record.

1994 –2000 Differences

Previously the standard covered retrieval in four ways. It required:

(a) that quality records be made available for evaluation by the customer or his representative for an agreed period, where agreed contractually

Records can take various forms – reports containing narrative, computer data, and forms containing data in boxes, graphs, tables, lists and many others. Where forms are used to collect data, they should carry a form number and name as their identification. When completed they should carry a serial number to give each a separate identity. Records should also be traceable to the product or service they represent and this can be achieved either within the reference number or separately, provided that the chance of mistaken identity is eliminated. The standard does not require records to be identifiable to the product involved but unless you do make such
provision you will not be able to access the pertinent records or demonstrate conformance to specified requirements.

Preparing the ISO 9001 quality manual

The standard requires a quality manual to be establishedand maintained that includes the scope of the qualitymanagement system, the documented procedures or refer-ence to them and a description of the sequence andinteraction of processes included in the quality manage-ment system.
ISO 9000 defines a quality manual as a documentspecifying the quality management system of an organi-zation. It is therefore not intended that themanual be a response to the requirements ofISO 9001. As the top-level document describingthe management system it is a system descriptiondescribing how the organization is managed.Countless quality manuals produced to satisfy ISO 9000 :2008, were nomore than 20 sections that paraphrased the requirements of the standard.Such documentation adds no value. They are of no use to managers, staff orauditors. Often thought to be useful to customers, organizations would gainno more confidence from customers than would be obtained from theirregistration certificate.
This requirement responds to the System Approach Principle.A description of the management system is necessary as a means of showinghow all the processes are interconnected and how they collectively deliver thebusiness outputs. It has several uses as :a means to communicate the vision, values, mission, policies and objectivesof the organizationa means of showing how the system has been designeda means of showing linkages between processesa means of showing who does whatan aid to training new peoplea tool in the analysis of potential improvementsa means of demonstrating compliance with external standards and regulations
When formulating the policies, objectives and identifying the processes toachieve them, the manual provides a convenient vehicle for containing suchinformation. If left as separate pieces of information, it may be more difficult tosee the linkages.The requirement provides the framework for the manual. Its content maytherefore include the following:1 Introduction(a) Purpose (of the manual)(b) Scope (of the manual)(c) Applicability (of the manual)(d) Definitions (of terms used in the manual)2 Business overview(a) Nature of the business/organization – its scope of activity, its productsand services(b) The organization’s interested parties (customers, employees, regulators,shareholders, suppliers, owners etc.)(c) The context diagram showing the organization relative to its externalenvironment(d) Vision, values(e) Mission3 Organization(a) Function descriptions(b) Organization chart(c) Locations with scope of activity4 Business processes(a) The system model showing the key business processes and how they areinterconnected(b) System performance indicators and method of measurement(c) Business planning process description(d) Resource management process description(e) Marketing process description(f) Product/service generation processes description(g) Sales process description(h) Order fulfilment process description5 Function matrix (Relationship of functions to processes)6 Location matrix (Relationship of locations to processes)7 Requirement deployment matrices(a) ISO 9001 compliance matrix(b) ISO 14001 compliance matrix(c) Regulation compliance matrices (FDA, Environment, Health, Safety,CAA etc.)8 Approvals (List of current product, process and system approvals)

Scope of the ISO 9001 quality management system

The standard requires the quality manual to include the scope of the quality management system including details of justification for any exclusion.
The standard addresses activities that may not be relevant or applicable to an organization. The permissible exclusions are explained in section 1.2 of ISO 9001. Here it states that the organization may only exclude requirements that neither affect the organization’s ability, nor its responsibility to provide product that meets customer and applicable regulatory requirements. The requirements for which exclusion is permitted are limited to those in section 7 of the standard.
Under ISO 9000 :2008, it was possible for organizations to exclude functions and processes of their organization that may have been difficult to control or were not part of the order fulfilment cycle. Organizations that designed their own products but not for specific customers could escape bringing these operations into the management system. Marketing was omitted because itoperated before placement of order. Accounting, Administration, Maintenance, Publicity, Public Relations and After Sales Support functions were often omitted because there were no requirements in the standard that specifically dealt with such activities. As there is no function in an organization that does not directly or indirectly serve the satisfaction of interested parties, it is unlikely that any function or process will now be excluded from the management system.
This requirement responds to the System Approach Principle.It is sensible to describe the scope of the management system so as to ensure effective communication. The scope of the management system is one area that generates a lot of misunderstanding particularly when dealing with auditors, consultants and customers. When you claim you have a management system that meets ISO 9001 it could imply that you design, develop, install and service the products you supply, when in fact you may only be a distributor.
Why you need to justify specific exclusions is uncertain because it is more practical tojustify inclusions.
The scope of the management system is the scope of the organization. There is no longer any reason to exclude locations, activities, functions or processes for which there is no requirement in the standard. The reason is because the ISO 9000 family now serves customer satisfaction and is not limited to quality assurance as were the 1994 versions of ISO 9001, ISO 9002 and ISO 9003.
It is not appropriate to address exclusions by inserting pages in the manual corresponding to the sections of the standard and adding justification if not within the scope of the management system – such as ‘We don’t do this!’. It is much more appropriate to use an appendix as indicated previously in the manual contents list. By describing the nature of the business, you are establishing boundary conditions. If in doing so you do not mention that you design products, it will be interpreted that design is not applicable. For exclusions relative to detail requirements, the Compliance Matrix may suffice but for an unambiguous solution, it is preferable to produce an exposition that addresses each requirement of the standard.

Managing processes In ISO 9001 Standard

The standard requires the organization to manage the identified processes in accordance with the requirements of ISO 9001. The first stage in managing a process is to establish what it is you are trying to achieve, what requirements you need to satisfy, what goals you are aiming at; then establish how you will measure your achievements. The next stage is to define the process you will employ to deliver the results. Managing the process then involves managing all the inherentcharacteristics of the process in such a manner that the requirements of customers and interested parties are fulfilled by the process outcomes. This means:Managing the process inputsManaging the workManaging the physical resourcesManaging the financial resourcesManaging the human resourcesManaging the constraintsManaging the outputs
Process management is therefore much more than managing activities and therefore when describing processes, one needs more than a flow chart of activities. The chart is a diagrammatical representation of a process but only one aspect. One can also add numerical data to the charts to indicate resources, cycle times, delays, costs etc. but the intangible factors of the human environment cannot be reduced to numerical data to add to the charts.
The notes to clause 4.1 of ISO 9001 need some explanation. It is stated that the processes needed for the management system include management activities, provision of resources, product realization and measurement. This note could cause confusion because it suggests that these are the processes that are needed for the management system. It would be unwise to use this as the model and far better to identify the processes from observing how the business operates. The term provision of resources should be Resource Management, which is thecollection of processes covering financial, human and physical resources.
Product realization is also a collection of processes such as design, production, service delivery, etc. Measurement is not a single process but a sub-process within each process. Grouping all the measurement processes together serves no useful purpose except it matches the standard – a purpose of little value in managing the organization.
The second note refers to outsourcing processes although it is difficult to imagine that management activities, product realization or measurement would be outsourced in its entirety. It is likely that market research; design, product verification, equipment calibration and other specialized services may be outsourced. While outsourcing comes under purchasing, it is correct to point out that the organization should control any outsourced processes. The supplier of the process is usually referred to as a subcontractor because they provide services to the organization’s requirements not their own. Control of subcontractors is covered by clause 7.4 but in meeting clause 7.4.3, you need to treat suppliers and subcontractors differently.

ISO 9001 / ISO 14001 Video

Watch ISO 14001 Video at http://www.youtube.com/watch?v=KUxbyQUGSnU

Watch ISO 9001 Video at http://www.youtube.com/watch?v=G8WI2MgyS7w

ISO 9000 Series and Six Sigma

ISO (International Organization for Standardization) 9000 series standards were first published in 1987, revised in 1994, and re-revised in 2000 by the ISO. The 2000 revision, denoted by ISO 9000:2000, has attracted broad expectations in industry.
As of the year 2001, more than 300,000 organizations world-wide have been certified to the ISO 9000 series standards. It embodies a consistent pair of standards, ISO 9001:2000 and ISO 9004:2000, both of which have been significantly updated and modernized. The ISO 9001:2000 standard specifies requirements for a quality management system for which third-party certification is possible, whereas ISO 9004:2000 provides guide- lines for a comprehensive quality management system and performance improvement through Self-Assessment.
The origin and historical development of ISO 9000 and Six Sigma are very different. The genesis of ISO 9000 can be traced back to the standards that the British aviation industry and the U.S. Air Force developed in the 1920s to reduce the need for inspection by approving the conformance of suppliers’ product quality. These standards developed into requirements for suppliers’ quality assurance systems in a number of western countries in the 1970s. In 1987 they were amalgamated into the ISO 9000 series standards.
Independent of ISO 9000, the same year also saw the launch of Six Sigma at Motorola and the launch of Self-Assessment by means of the Malcolm Baldrige National Quality Award in USA. Both Six Sigma and Self-Assessment can be traced back to Walter A. Shewhart and his work on variation and continuous improvement in the 1920s. It was Japanese industry that pioneered a broad application of these ideas from the 1950s through to the 1970s. When variation and continuous improvement caught the attention of some of the American business leaders in the late 1980s, it took the form of the Malcolm Baldrige National Quality Award, on a national level, and of Six Sigma at Motorola.
Some people are wondering if the ISO 9000:2000 series standards make Six Sigma superfluous. They typically refer to clause 8 of ISO 9001: “Measurement, analysis, improvement.”
It requires that companies install procedures in operations for the measurement of processes and data analysis using statistical techniques with the demonstration of continuous improvement . They also partly refer to the ISO 9004:2000 standards that embody guidelines and criteria for Self-Assessment similar to the national quality awards.
The author firmly believes that Six Sigma is needed regardless of whether a company is compliant with the ISO 9000 series. The two initiatives are not mutually exclusive and the objectives in applying them are different. A Six Sigma program is applied in organizations based on its top-line and bottom-line rationales. The primary objective for applying the ISO 9000 series standards is to demonstrate the company’s capability to consistently provide conforming products and/or services. Therefore, the ISO 9000 series standard falls well short of making Six Sigma superfluous.
The ISO 9000 series standards have from their early days been regarded and practiced by industry as a minimum set of requirements for doing business. The new ISO 9000:2000 stan
dards do not represent a significant change to this perspective. Six Sigma on the other hand, aims at world-class performance, based on a pragmatic framework for continuous improvement.
The author believes that Six Sigma is superior in such important areas as rate of improvement, bottom-line and top-line results, customer satisfaction, and top-level management commitment. However, considering the stronghold of ISO 9000 in industry, Six Sigma and ISO 9000 are likely to be applied by the same organization, but for very different purposes.

Background and Future of ISO 9001:2008

ISO 9001 serves as the basis for benchmarking an organization’s quality management system. Quality management should not be confused with terms such as quality assurance” or quality control. Quality management measures the overall management function in determining the organization’s quality policy, its objectives, and its responsibilities, as well as the quality policy implementation through means such as quality assurance and quality control. Quality assurance measures all planned and systematic activities implemented within the organizations quality system. Quality control is the operational techniques and activities used to fulfil quality requirements (e.g., meeting a customer’s specifications or requirements for a given product or service).
Revision of the ISO 9000 standards has been under discussion for a number of years. Soon after the 1994 revisions, ISO Technical Committee 176 began the task of overcoming the standard’s manufacturing bias while, at the same time, overcoming other persistent criticisms that the standard did not adequately cover all aspects of the QMS.
The development of ISO 9001:2008 has been a particularly interesting process to behold. It is an object lesson in consensus building. ISO Technical Committee 176, with the participation of various national standards bodies, has actually managed to overcome criticisms from apparently opposite directions and written a document that appears to be acceptable to the great majority of ISO’s member bodies.
The manufacturing industry criticized the older versions of ISO 9001 for its failure to include a large range of quality management requirements in the standard. Some manufacturing industries considered ISO 9001 to be so inadequate that they developed their own expanded, industry-specific versions of the ISO 9001 standard. ISO was also criticized by non-manufacturing industries for catering to the manufacturing industries. Everything about the older versions of ISO 9001 seemed overwhelmingly rooted in a manufacturing environment.
The ISO technical committee found itself in a dilemma and then found a way out. ISO 9001:2008 appears to have actually reached a satisfactory compromise in which the language is generic enough to be applicable to industries other than manufacturing yet specific enough to satisfy the particular concerns of the manufacturing industry.
As far as actual implementation of the new standard was concerned, ISO Technical Committee 176 recommended that implementation of ISO 9001:2008 could begin as early as the fourth quarter of 1999 — one full year in advance of the standard’s scheduled publication. The ISO technical committee made this recommendation because ISO works through a lengthy consultative process to achieve a consensus. Once a consensus was obtained (in early 1999), further changes became improbable.

Origins of the ISO 9001’s Work

The ISO is a federation of non-governmental organizations established in 1947 to develop international standards, improve international communication and collaboration, and facilitate the exchange of goods and services. The federation is currently comprised of close to 100 national standards bodies (member bodies) from countries representing approximately 95 percent of the world’s industrial production.
The headquarters of the ISO 9001 secretariat is in Geneva, Switzerland.2 The ISO 9000’s involvement in establishing environmental standardsbegan in 1991 after organizers for the UN Conference on Environment and Development (held in Rio de Janeiro in 1992) asked whether or not ISO would be attending the conference and whether it was involved in any environmental activities. As a result, the ISO established a Strategic Advisory Group on the Environment (SAGE) in 1991 to assess the need for international environmental management standards.3 SAGE recommended that ISO proceed with an environmental standard by 1992 and that a technical committee be established to carry it through. On June 1, 1993, ISO’s Technical Committee 207 (TC 207) held its first plenary meeting.
TC 207 was directed to establish environmental standards in five areas of environmental management:- environmental management systems; environmental auditing and related- environmental investigation; environmental labeling; environmental performance evaluation; and life-cycle assessment.
Consequently, TC 207 was divided into five subcommittees (SCs) for each category of standard and one SC to cover the terms and definitions of the standards. In addition, a working group, which reports directly to TC 207, was formed to deal with the environmental aspects in product standards. The five SCs have two or more working groups (WGs) that report to them (unlike the WG on product standards previously mentioned which reports directly to TC 207).
The key factor that has propelled the ISO 14000 series of standards forward throughout the early 1990s is the increase in national environmental standards. Examples of these standards include some two dozen eco-labeling schemes worldwide (see Annex 1), the British Standards Institute’s BS 7750 (Specification for Environmental Management Systems), the Canadian Standards Association’s Z750 (A Guide for a Voluntary Environmental Management System), and the EU EMAS (Eco-Management and Audit Scheme). Other similar environmental management standards have been developed by the French Standards Association, the South African Bureau of Standards and the Spanish Standards Association.
With the proliferation of environmental standards, concerns have been expressed that these standards would fragment international markets and unduly favor the companies of the countries or of the regions where these standards were developed, unless they were developed by authoritative and broadly based international bodies. The ISO was to serve this role.

Key Elements of ISO 14001

The Resources, Roles, Responsibility, and Authority; Legal and Other Requirements; Evaluation of Compliance; and Nonconformity, Corrective Action and Preventive Action elements of ISO 14001 are all essential to the ongoing effectiveness of the EMS. This section describes how they function within the overall scheme.
1. Resources, Roles, Responsibility, and Authority (ISO 14001:2004, ?4.4.1)
?4.4.1 of ISO 14001 establishes three important requirements:
1. That management ensure the availability of resources to establish, implement, maintain, and improve the EMS;
2. That roles, responsibilities, and authorities be defined, documented, and communicated in order to facilitate effective environmental management; and
3. That top management appoint a management representative(s) who, irrespective of other responsibilities, will have responsibility and authority for implementing and maintaining the EMS and for reporting to top management on the performance of the EMS.
Ensuring Availability of Resources – Provision of resources for the EMS is almost always an issue within organizations. Although top management usually understands and accepts, at least in principle, the requirement to provide resources, the level of management that makes decisions on capital deployment and operating budgets often does not subscribe to the same requirement. Making the case for resources typically requires the implementation team or management representative to quantify intangibles such as the avoided cost of regulatory fines or the value to the environment of reducing environmental impacts.
When considering the requirement to provide resources, especially financial resources, it may be important to recognize that ISO 14001 requires the provision of resources for the establishment, implementation, maintenance, and improvement of the EMS, not necessarily resources to correct or prevent environmental impacts or to register to ISO 14001. When contemplating the cost of implementing ISO 14001, organizations, again, should think in terms of three separate cost categories:
1) Internal labor and external consultant costs to establish, implement, maintain, and improve the policy and procedural elements of ISO 14001;
2) Capital costs for correction or prevention of environmental impacts; and
3) Costs of registration to ISO 14001, if the organization elects to register.
Roles, Responsibilities, and Authorities – In the past, some organizations have employed a practice of not delegating responsibility and authority for environmental affairs to specific management representatives, reasoning that if the responsibility was diffused throughout the organization, no one person could become personally accountable for non-compliance with regulations or for environmental liabilities. §4.4.1 of ISO 14001 limits such ‘willful ignorance’ by requiring top management of the organization to appoint “specific management representative(s)” to ensure that the EMS is implemented and that top management be apprised of EMS performance. It also requires that the delegation of responsibility and authority be documented and communicated, thus eliminating circumstances where responsibility and authority for the EMS are diffuse or uncertain.
When §4.4.1 is read together with the requirement of the Environmental Policy for a commitment to comply with applicable legal requirements, §4.3.2, Legal and Other
Requirements, requiring a procedure for identifying legal requirements (following), and §4.5.2, Evaluation of Compliance, requiring a procedure for evaluating regulatory compliance, it is evident that the management representative is also responsible for ensuring that the organization is in compliance with applicable regulations. While this responsibility and authority can be delegated, the chain of delegation begins with top management and is passed to the management representative, effectively eliminating any uncertainty as to who is responsible and authorized to ensure regulatory compliance.
EMS Organizational Structure – There is an almost universal norm for the management structure of the EMS organization under ISO 14001. It begins with the top management position, proceeds to the top manager’s leadership team, and then to an EMS implementation team that is generally chaired by the management representative. The departments making up the relevant functions and levels of the organization and environmental, safety, and health professionals comprise the typical implementation team.
Defining Roles, Responsibilities, and Authorities for the EMS – In defining, documenting, and communicating EMS roles, responsibilities, and authorities, it makes sense to begin with top management and proceed through all of the positions having EMS responsibilities. Following is a generic example of how roles, responsibilities, and authorities might be documented and communicated in an EMS Procedures Manual:
Plant Manager
Authority: The Plant Manager has the authority, responsibility, and accountability for managing all aspects of ABC Company’s activities, products, and services at the Anytown facility.Source: Senior Vice President, Manufacturing, ABC Company, Inc.
EMS Responsibilities: Under the requirements of ISO 14001, the Plant Manager shall be specifically responsible for:
1) Defining the Environmental Policy;
2) Delegating authority and responsibility for the establishment, implementation, maintenance, and improvement of the EMS;
3) Providing human, technological, infrastructure, and financial resources and specialized skills; and
4) Periodically reviewing the EMS for suitability, adequacy, and effectiveness and directing changes as necessary to achieve the goals for an EMS and the commitment to continual improvement.
Leadership Team
EMS Responsibilities: The Leadership Team shall advise the Plant Manager on the exercise by
the Plant Manager of his/her responsibilities for the EMS.
Management Representative, Implementation and Maintenance Responsibilities
EMS Authority: The Plant Manager delegates to the Manager, ______ _______, the authority
to establish, implement, maintain, and improve the Environmental Management System and to
ensure that it conforms to the requirements of ISO 14001. In the context of ISO 14001, the
Manager, _____ _________, shall be the Management Representative.

Environmental Management Program

ISO 14001:2004 Section 4.3.4, Environmental Management Program(s), requires that organizations establish and maintain one or more environmental management programs for achieving their objectives. The environmental management program is a key element to the success of an EMS. Properly designed and implemented, environmental management programs should achieve the objectives and, consequently, improve your organization’s environmental performance.
According to ISO 14001 Section 4.3.4 the environmental management program must:
1. address each environmental objective and target
2. designate the personnel responsible for achieving targets at each relevant function and level of the
organization
3. provide an “action plan” describing how each environmental target will be achieved
4. establish a time-frame or a schedule for achieving each target.
An environmental management program is an action plan or a series of action plans to achieve an environmental objective.

Establishing a ISO 9001 records procedure

Establishing a ISO 9001 records procedure

The ISO 9001 standard requires records to remain legible, readily
identifiable and retrievable and that a procedure defines
the controls needed for the identification, storage,
protec- tion, retrieval, retention time and disposition of records.
Records have a life cycle. They are generated during
which time they acquire an identity and are then
assigned for storage for a prescribed period. During
use and storage they need to be protected from
inadvertent or malicious destruction and as they
may be required to support current activities or
investigations, they need to be brought out of storage
quickly. When their usefulness has lapsed, a decision is made as to whether to
retain them further or to destroy them.
Readily retrievable means that records can be obtained on demand within a
reasonable period (hours not days or weeks) Readily identifiable means that
the identity can be discerned at a glance.
Although the requirement implies a single procedure, several may be
necessary because there are several unconnected tasks to perform. A procedure
cannot in fact ensure a result. It may prescribe a course of action which if
followed may lead to the correct result, but it is the process that ensures the
result not the procedure.
The revised requirement omits several aspects covered in clause 4.16 of the
1994 version.
Collection of records is now addressed by Analysis of data (clause 8.4)
Indexing of records is a specific form of identification and is therefore
already addressed
Access is now addressed by the requirement for record retrieval
Filing is a specific form of storage and is therefore already addressed
You may only need one procedure which covers all the requirements but this
is not always practical. The provisions you make for specific records should be
included in the documentation for controlling the activity being recorded. For
example, provisions for inspection records should be included in the inspection
procedures; provisions for design review records should be included in the
design review procedure. Within such procedures you should provide the
forms (or content requirement for the records), the identification, collection/
submission provisions, the indexing and filing provisions. It may be more
practical to cover the storage, disposal and retention provisions in separate
procedures because they may not be type-dependent. Where each department
retains their own records, these provisions may vary and therefore warrant
separate procedures.
Unlike prescriptive documents, records may contain handwritten elements and
therefore it is important that the handwriting is legible. If this becomes a
problem, you either improve discipline or consider electronic data capture.
Records also become soiled in a workshop environment so may need to be
protected to remain legible. With electronically captured data, legibility is often
not a problem. However, photographs and other scanned images may not
transfer as well as the original and lose detail so care has to be taken in
selecting appropriate equipment for this task.
Whatever the records, they should carry some
identification in order that you can determine what
they are, what kind of information they record and
what they relate to. A simple way of doing this is to
give each record a reference number and a name or
title in a prominent location on the record.

1994 –2000 Differences

Previously the ISO 9001 standard covered retrieval in four ways. It required:
(a) that quality records be

made available for evaluation by the customer or his representative for an
agreed period, where agreed contractually

Records can take various forms – reports containing narrative,
computer data, and forms containing data in boxes, graphs, tables, lists and many others.
Where forms are used to collect data, they should carry a form number and name as their identification. When completed they should carry a serial number to give each a separate identity. Records should also be traceable to the product or service
they represent and this can be achieved either within the reference number or separately, provided that the chance of mistaken identity is eliminated. The standard does not require records to be identifiable to the product involved but unless you do make such
provision you will not be able to access the pertinent records or demonstrate conformance to specified requirements.

Retention of ISO 9001 records

ISO 9001 Record Retention

It is important that ISO 9000 records are not destroyed before their useful life is over.
There are several factors to consider when determining the retention time for
records.

The duration of the contract – some records are only of value whilst the
contract is in force.

The life of the product – access to the records will probably not be needed for
some considerable time, possibly long after the contract has closed. On
defence contracts the contractor has to keep records for up to 20 years and
for product liability purposes, in the worst-case situation (taking account of
appeals) you could be asked to produce records up to 17 years after you
made the produc
The period between management system assessments – assessors may wish to see
evidence that corrective actions from the last assessment were taken. If the
period of assessment is three years and you dispose of the evidence after 2
years, you will have some difficulty in convincing the assessor that you
corrected the deficiency.
While the ISO 9001 requirement applies only to records, you may also need to
retain tools, jigs, fixtures, test software – in fact anything that is needed to repair
or reproduce equipment in order to honour your long-term commitments.
Should the customer specify a retention period greater than what you
prescribe in your procedures, special provisions will need to be made and this
is a potential area of risk. Customers may choose not to specify a particular
time and require you to seek approval before destruction. Any contract that
requires you to do something different creates a problem in conveying the
requirements to those who are to implement them. The simple solution is to
persuade your customer to accept your policy. You may not want to change
your procedures for one contract. If you can’t change the contract, the only
alternative is to issue special instructions. You may be better off storing the
records in a special contract store away from the normal store or alternatively
attach special labels to the files to alert the people looking after the archives.